President Bush to Propose Internet Monitoring System

The Bush administration will propose a new Internet monitoring system and will require ISPs to help build the system and track their users, according to reports.

The new requirements will part of the final version of “The National Strategy to Secure Cyberspace,” expected to be released in early 2003, according to a report in The New York Times.

Leading ISPs like America Online, AT&T and Microsoft, which are expected to raise concerns over the proposal, because some say the policy may cross a line regarding current corporate and personal privacy laws.

The sticking point is not government protection against viruses and hacker attacks on the nation’s information infrastructure, but rather the method, techniques and communications process between the government, private companies and individual users. Currently, there are strict laws concerning telephone wire taps, and it is unclear if those same protections will be extended for new government Internet monitoring techniques.

Experts say the Bush administration wants to create an “early warning center,” which would give it the power to monitor any aspect of Internet use in the U.S. But it’s still unclear what exactly the Bush administration is going ask from ISPs, and what the reaction will be from the companies, regulators and advocates of individual privacy.

“It sounds like they are planning a grand version of some sort of pattern matching software that will examine streams of e-mail, instant messages and web site addresses,” said Andrew Schulman, an independent software litigation consultant, based in Santa Rosa, California. Schulman said this software could be a help in tracking terrorist threats, but would alter current corporate and surveillance rules.

There are still unanswered questions about what “real-time” monitoring technology will be used, and what opportunities it may provide for information security software vendors.

“The concern is obviously we have Fourth amendment protections in terms of search and seizure, and there can only be reasonable, articulated and particularized searches. The danger of a system like this is that it is not based on suspicion of specific information, it’s a sweep without suspicion,” Schulman added.

While the report alludes to ISPs shouldering some of the responsibility to implement the new system, there are no details regarding whether ISPs will have to pay, or will be subsidized by government grants. It is also possible that ISPs will need to revise their existing contracts with users, if more intrusive surveillance practices are put in place.